What is GHSA-7wfw-gfch-rf74?

GHSA-7wfw-gfch-rf74 is a security advisory published by GitHub Security Advisories with Critical severity. WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...

Which CVE IDs does GHSA-7wfw-gfch-rf74 cover?

GHSA-7wfw-gfch-rf74 covers the following CVE IDs: CVE-2021-47965. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7wfw-gfch-rf74?

GHSA-7wfw-gfch-rf74 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-7wfw-gfch-rf74CriticalCVSS 9.8

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2021-47965 →

📋 Description

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2021-47965
https://wordpress.org
https://wordpress.org/plugins/wp-super-edit
https://www.exploit-db.com/exploits/49839
https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload
https://github.com/advisories/GHSA-7wfw-gfch-rf74